The malware known as LokiBot lets its purchaser modify the configuration file and redistribute it to steal victims' account passwords and virtual currency wallet passwords.
Black-market groups spread LokiBot through download sites, e-mail and cracking tools, and at peak times the malware has numerous victims.
I just released an article where there is evidence demonstrating that the currently distributed #LokiBot infostealer samples were "hijacked" by a third actor. In the repository there are scripts for extracting the static config and code for disinfecting. https://t.co/CaweOxdwT1
— d00rt (@D00RT_RM) July 6, 2018
Developers sell the malware but do not release the source code:
Initially, the LokiBot developers introduced multiple modules for the malware, and buyers could customise the modules and the corresponding remote server.
However, LokiBot is sold with customisation allowed but without its source code, so anyone who wants to use the malware must contact the author and pay the license fee.
LokiBot also contains built-in, unmodifiable code that connects to the developer's server, which lets the developers monitor the expiration time of the copies they have sold.
It was not long before other hackers cracked it:
Initially the malware was priced at $300 per copy, but other hackers later began selling similar hacking tools with custom modules.
Those were priced at only 80 US dollars per copy. For black-market groups looking to buy, the functions are almost the same, so why not buy the cheaper one?
Most of the LokiBot malware circulating on the Internet is a tampered version, that is, one that has been repackaged and resold by other hackers.
After tracking it, the researchers believed that LokiBot's source code had leaked, and that the hacker blocked the connection to the developer's server and allowed on-demand customisation.
Hacking the hacker is not new:
The author of LokiBot, a hacking tool, naturally cannot apply for copyright protection, so even if it is cracked and pirated by other hackers, there is nothing the author can do.
After all, this is not a legitimate business, so hackers preying on other hackers comes down entirely to technical ability. Whoever can beat the other party wins; notions of infringement and protection do not apply.
The most common case of hackers preying on hackers probably involves botnets and compromised machines ("broilers"). Botnets have repeatedly been taken over directly by other hackers.
All the devices in the botnet then come under the control of the new hackers, until the next time other hackers do the same thing.